Contact IT Support

 

 

 

 

#InsideIT

The KAUST Information Technology Department blog

The App May Be Free, But Your Data Is Not: What You Should Know Before You Sign Up

19 August, 2025

That shiny new app that takes notes, sends meeting minutes, or acts as your personal assistant looks great. The free trial is tempting. One click and you are in. There is a catch. Signing up can grant an outside company ongoing access to your KAUST account, including email, files, meetings, and more. Some apps mine data. Some keep access even after you uninstall them. KAUST IT places controls on third-party integrations with Microsoft 365 and Google Workspace to protect KAUST data, research, and people.

What counts as “integration”

If an app asks to do any of the below with your KAUST account, it is integrating and needs an IT check:

  • “Sign in with Microsoft” or “Sign in with Google”
  • Read or send your email
  • Access your OneDrive, SharePoint, Google Drive, or Calendar
  • Join your meetings, record, or transcribe them
  • Install a browser extension that scans pages or messages
  • Request “offline access” or to “act on your behalf”

Why these protections exist

  • Prevent leaks of confidential or sensitive information
  • Stay compliant with research, HR, student, and contractual requirements
  • Control costs and avoid duplicate tools and surprise renewals
  • Reduce risk from unvetted apps, plug-ins, and shadow IT

Safer options you already have

Most needs are covered with approved tools inside KAUST’s environment.

  • Meeting notes and minutes: OneNote, Teams meeting notes, Loop components, shared docs in SharePoint or OneDrive
  • Tasks and follow-ups: Planner, To Do, Outlook tasks, Lists
  • Surveys and sign-ups: Microsoft Forms, Google Forms, Formstack
  • File sharing and collaboration: SharePoint, OneDrive, Teams
  • Automation: Power Automate
  • Dashboards and reporting: Power BI
  • Appointments: Microsoft Bookings

If you are not sure which tool fits, ask us and we will match the tool to your need.

Red flags to watch for

  • “Read all your email” or “send email as you”
  • “Read and edit all your files”
  • “Offline access” or “act on your behalf”
  • “Admin consent required” or access to “all users”
  • Vague privacy policy, unclear data deletion, or no data location details

If you see these prompts, stop and talk to IT before proceeding.

Request a quick IT check

Share the basics and we will advise quickly. Copy and paste this template into your request:

Use case: What I need to do and who it is for
Data involved: Examples such as names, student info, research files, contracts, recordings
App links: Homepage, pricing, privacy, and permissions screenshot
Vendor details: Data location, certifications, SSO support, data retention and deletion

We will confirm if it is allowed, suggest an approved alternative, or onboard it the right way.

Already connected something

  1. Revoke the app’s access to your KAUST account
  2. Delete any exported data held by the vendor if possible
  3. Tell IT what you connected so we can confirm there is no residual risk

Personal accounts and AI tools

Keep KAUST work in KAUST accounts. Do not move work to personal email, drives, or personal AI assistants. Avoid pasting confidential content into public AI tools unless cleared by IT. Enterprise options are available or coming and we will guide you to them.

Quick checklist

  • Does it connect to Microsoft 365 or Google Workspace with my KAUST login? Yes → Ask IT first
  • Does it read or write mail, files, calendars, or chats? Yes → Ask IT first
  • Is there an approved KAUST tool that already does this? Often yes → We can help choose
  • Is it a browser extension? Treat it like an app → Ask IT first

FAQ

It is only a free trial. Can I try it?
Please check first. Free trials often request full access and may keep data.
The vendor says they are compliant. Is that enough?
Marketing claims are not approval. We validate details for KAUST needs.
A colleague at another university uses it. Can we?
Every institution has different obligations. We must review for KAUST.
Are browser extensions included?
Yes. Many extensions read pages, email, or files. Treat them as apps.
How long does approval take?
Simple reviews are quick. If a deeper assessment is needed, we will advise and suggest interim options.
Can the vendor speak with IT directly?
Yes. Share their contact and we will connect.

Talk to us

  • VITA, the IT Chatbot: 24/7 at vita.kaust.edu.sa
  • IT Service Desk: 910 or 012-808-0910, Sunday to Thursday, 8:00 to 17:00

Bottom line: Do not let a third-party app turn into a third-party risk. A one-minute check with IT protects you, your team, and KAUST.